Catalyst 6509 Switch, Cisco 7606 Router, and Cisco 7609 Router with VPN Services Module Certification Note
OL-6334-01

Cryptographic Key Management

Table 3 Critical Security Parameters (continued)

| CSP Number | Key or CSP Name | Description | Storage |
|---|---|---|---|
| 22 | authentication key | This key is used by the router to authenticate itself to the peer. The router or switch gets the password (that is used as this key) from the AAA server and sends it onto the peer. The password retrieved from the AAA server is zeroized upon completion of the authentication attempt. | DRAM (plaintext) |
| 23 | ssh server key | The RSA public key used in SSH. It is zeroized after the termination of the SSH session. This key does not need to be zeroized because it is a public key. | DRAM (plaintext) |
| 24 | PPP authentication key | The authentication key used in PPP. This key is in the DRAM and not zeroized at runtime. To zeroize the key, you can turn off the switch or the router. | DRAM (plaintext) |
| 25 | authentication key2 | This key is used by the router to authenticate itself to the peer. The key is identical to key 22 except that it is retrieved from the local database (on the switch or router). Issuing the command no username password zeroizes the password (that is used as this key) from the local database. | NVRAM (plaintext) |
| 26 | ssh encryption key | This is the SSH session key. It is zeroized when the SSH session is terminated. | DRAM (plaintext) |
| 27 | User Password | The password of the user role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 28 | CO Enable Password | The plaintext password of the cryptographic officer (CO) role. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 29 | CO Enable Secret Password | The ciphertext password of the cryptographic officer (CO) role. The algorithm used to encrypt this password is not FIPS approved; this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM (plaintext) |
| 30 | Radius shared secret | The RADIUS shared secret. This shared secret is zeroized by executing the no form of the RADIUS shared-secret set command. | NVRAM (plaintext), DRAM (plaintext) |
| 31 | TACACS+ shared secret | The TACACS+ shared secret. This shared secret is zeroized by executing the no form of the TACACS+ shared-secret set command. | NVRAM (plaintext), DRAM (plaintext) |

Table 4 lists the services accessing the CSPs, the type of access and which role accesses the CSPs.